<?php
/**
 * @author bbernath
 *         Date: 03.11.13
 *         Time: 17:34
 * @version 1.0.4
 */

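// Admin login fragment: prints the heading, then either the login form or,
// after a successful credential check, the administration menu.
// Expects $db to be provided by the including script; prepare() and ->error
// are the only members used on it here.
//
// NOTE(review): a successful login only prints links that carry the user id in
// the query string. This file starts no session and sets no cookie, so confirm
// that the administration pages authenticate the request server-side and do
// not trust the userid parameter on its own.
// NOTE(review): the stored value is compared directly with the submitted
// password, so the user table appears to hold plaintext passwords.
// TODO migrate to password_hash()/password_verify().
// NOTE(review): no throttling or lockout of failed attempts is visible here.

echo "<h3>&raquo; Administration Anmeldung</h3>";

// One definition of the form markup; it is emitted from two branches below.
$loginForm = "<form action='index.php?action=administration&site=login' method='post'>"
    . "<table><tr><td>Anmeldung:</td><td><input name='loginname' type='text' size='30' maxlength='30'></td></tr>"
    . "<tr><td>Passwort:</td><td><input name='password' type='password' size='30' maxlength='30'></td></tr>"
    . "<tr><td></td><td><input type='submit' value='Anmelden'></td>"
    . "</table></form>";

if (isset($_GET['action'])) {
    if (!isset($_GET['site'])) {
        echo $loginForm;
    } elseif ($_GET['site'] === 'login') {
        if (!isset($_POST['loginname'], $_POST['password'])) {
            echo $loginForm;
        } else {
            $loginName = $_POST['loginname'];
            $submitted = $_POST['password'];
            $loggedInId = null;

            // Array-valued fields (loginname[]=...) are rejected instead of
            // being passed on to the query or the comparison.
            if (is_string($loginName) && is_string($submitted)) {
                $stmt = $db->prepare("select id, password from user where loginname=?");
                if ($stmt === false) {
                    // Stop here: calling bind_param() on false is a fatal error.
                    // Database errors go to the server log, not to the visitor.
                    error_log('admin login: prepare failed: ' . $db->error);
                } else {
                    $stmt->bind_param('s', $loginName);
                    if (!$stmt->execute()) {
                        error_log('admin login: execute failed: ' . $stmt->error);
                    } else {
                        $stmt->bind_result($id, $password);
                        // hash_equals() compares byte-for-byte in constant time.
                        // The previous loose == treated numeric-looking strings
                        // as numbers ("1e3" == "1000") and matched an empty
                        // submission against a NULL stored password.
                        if ($stmt->fetch() && is_string($password) && hash_equals($password, $submitted)) {
                            $loggedInId = $id;
                        }
                    }
                    $stmt->close();
                }
            }

            if ($loggedInId === null) {
                // Same message for every failure so the response does not
                // reveal whether the login name exists.
                echo "Die Anmeldung war nicht erfolgreich.";
            } else {
                // Encode the id before it is placed in the (unquoted) href;
                // for a plain integer id the output is unchanged.
                $userId = rawurlencode((string) $loggedInId);
                $sections = [
                    'news' => 'News verwalten',
                    'comments' => 'Kommentare verwalten',
                    'pricelist' => 'Preisliste verwalten',
                    'team' => 'Team verwalten',
                ];
                foreach ($sections as $site => $label) {
                    echo "&raquo; <a href=index.php?action=administration&site=" . $site . "&userid=" . $userId . ">" . $label . "</a><br>";
                }
                echo "<br>";
                echo "&raquo; <a href=index.php?action=administration>Administration beenden</a>";
            }
        }
    }
}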